To pass SafetyNet...

[C9Glax]

I was able to pass SafetyNet basic and cts with Magisk installed (Only Basic Eval, not Hardware attested). Setup: Device: Xiaomi Mi 9T (Europe) ROM: ArrowOS (11, no GAPPS) Other software: MicroG, Magisk

Steps to reproduce:

1. Flash Firmware, ROM and Magisk 2. Install MicroG (Core, Proxy, Store and DroidHelper) (from F-Droid)
2. Setup Magisk (incl. Environment and reboot)
3. On Magisk install Modules:
   • Riru
   • Riru EdXposed
   • microG Installer Revived (To install as system-app)
   • MagiskHide Props Config
4. Reboot 6. Install kdrag0n Universal SafetyNet Fix with Magisk
5. In EdXposed install "HiddenCore" Module 8. In a terminal-emulator use (su) props and replace the fingerprint with one that matches your security fix. (e.g. Android Q/R, just use a Google Pixel) Finally a step that requires a bit more attention:
6. Download a custom DroidGuard (WARNING: This is not recommended, but has to be done, because MicroG DroidGuard crashes while checking)
7. Replace /system/priv-app/DroidGuard/DroidGuard.apk with the downloaded apk.
8. Uninstall the old DroidGuard (root uninstall required), reboot, and re-install with the replaced file.
9. Don't forget to setup MicroG and enable SafetyNet!

Enjoy, and tell me if it works for you.

[nift4]

HiddenCore fakes SafetyNet.

[C9Glax]

So what you are saying is that you actually don't need to fake props and use the custom DroidGuard?

Edit: You have to use custom DroidGuard.

[nift4]

Nope, I say you should not use HiddenCore because actual apps that use SafetyNet will not work.

[nift4]

I did run into that trap already...

[C9Glax]

You are right, and it annoys me -,-

[GEkuL]

@C9Glax hello there, could you help me with the issue?

I have almost the same story as you, but can't pass SafetyNet. Can you contact me please?

[markone89]

@C9Glax hello there, could you help me with the issue?

I have almost the same story as you, but can't pass SafetyNet. Can you contact me please?

Same situation with POCO X3 pro, crdroid 7.13 (and any custom rom (microg lineageos, arrowOS, with magisk canary (with zygisk) or stable (riru), , If anyone can advise I would appreciate. Momo: Device is running a custom rom Safetynet check advice: RESTORE_FACTORY_ROM Any ideas?

[ghost]

The whole SafetyNet concept itself is a GMS based attestation. Remember that we're spoofing GMScore to be able to utilize their services. CTS is a security layer where it's been updated, improvised, & gets security vulnerabilities fixed on each monthly Android update. That's why even if you successfully attempt to do that, it'll probably fail back eventually.

[markone89]

Thank you very much for your answer, and sorry for the late response. Now I'm understand the mechanism. :)

[ale5000-git]

Latest microG GmsCore pass SafetyNet.

[D3SOX]

Still fails for me. Using Lineage for microG on a OnePlus 8T + Magisk v24 (Zygisk enabled) Updated microG Services Core via F-Droid

Screenshot


[Atemu]

OP8T is rather new; are you even able to pass safetynet with real gapps with an unlocked bootloader?

[ale5000-git]

If the bootloader is unlocked the one that compile the ROM must include the patch to hide it (or use Magisk to hide it, probably there is a module for it). I'm able to pass it on Galaxy S2.

Try to test with this app: https://play.google.com/store/apps/details?id=org.freeandroidtools.safetynettest It should give a more detailed reply.

[D3SOX]

@Atemu Yes I think so, I haven't used Gapps in a while.

I tried https://github.com/kdrag0n/safetynet-fix/ and now it looks like this


With the other app


I can try backing up my stuff and see if I get safetynet with an unlocked bootloader + stock ROM + Magisk

[ale5000-git]

@D3SOX: You problem is specific to your phone, not general; so please open a separate issue to avoid confusion.

[parcelcat]

@D3SOX Installing MagiskHide Props Config and setting a certified device fingerprint should make SafetyNet pass the CTS profile match. (This applies to all devices that pass the basic integrity check, but not the CTS profile match.)

[D3SOX]

@D3SOX Installing MagiskHide Props Config and setting a certified device fingerprint should make SafetyNet pass the CTS profile match. (This applies to all devices that pass the basic integrity check, but not the CTS profile match.)

I tried that already setting it to the OnePlus 8T fingerprint, which one did you use? And should I have both SafetyNet Fix and Hide Props Config enabled at the same time? I had only one at a time enabled while testing it.

[parcelcat]

@D3SOX Yes, I need both packages at the same time to pass SafetyNet. I used the fingerprint that matched my device model, so I would expect the OnePlus 8T fingerprint to work for you.

[D3SOX]

@parcelcat Thank you. Now microG is good but the other app still complains

Screenshots

 

Is there an app I can try that requires SafetyNet to run?

[markone89]

I would like to make work on my poco x3 pro as in the past the following app: https://play.google.com/store/apps/details?id=hu.otpbank.mobile&hl=en&gl=US you can test registration not need to start the program. At the beginning you will fail to start the app if the phone is not compliant. If you will see the logon screen you passed :)

[ale5000-git]

I think that there is some issue with the latest version of SafetyNet Helper Sample.

I currently use this to test: https://play.google.com/store/apps/details?id=org.freeandroidtools.safetynettest https://m.apkpure.com/it/safetynet-test/org.freeandroidtools.safetynettest

[D3SOX]

@ale5000-git This app says I'm good to go :tada: Nice job @ everybody who was involved in making this happen.

[ArchangeGabriel]

@ale5000-git Yes, that is likely because the developer revoked his key after it has been used in this repository (https://github.com/microg/GmsCore/issues/1644). So the app need to be updated.

[parcelcat]

Glad it worked! For anyone who is looking for a SafetyNet testing app, I recommend YASNAC because it is ad-free and open source: https://play.google.com/store/apps/details?id=rikka.safetynetchecker

[ghost]

Latest microG GmsCore pass SafetyNet.

Wow is it really true? Tell me if it's DroidGuard or GMSCore itself...😅

[JonnyTech]

https://github.com/microg/GmsCore/releases/tag/v0.2.23.214816

v0.2.23.214816
Changelog
    SafetyNet / DroidGuard:
        Implement DroidGuard without additional helper.

No need for DroidGuard helper any more, just install GMSCore.

[markone89]

Dears,

With the latest microg+magisk v24 (zygisk enforce list)+magisk hide props everything working pretty well :)

Thank you for all! :)

[IngwiePhoenix]

So I am a little stuck...

• Device: Razer Phone 2
• OS: Lineage OS 18.1, no GAPPS
• Magisk: 24.3
  • LSPosed: 1.8.0
  • FakeGApps: 3.0 via fork by whew-inc
  • USNF: 2.2.1
  • microG Installer Revived: 2.6.2-0 (microG Services Core 0.2.24.214816)

When I run YASNAC, the basic integrity passes but I am told that the CTS profile does not match.

Any idea how I could fix that? Thank you :)

[D3SOX]

So I am a little stuck...

• Device: Razer Phone 2
• OS: Lineage OS 18.1, no GAPPS
• Magisk: 24.3
  • LSPosed: 1.8.0
  • FakeGApps: 3.0 via fork by whew-inc
  • USNF: 2.2.1
  • microG Installer Revived: 2.6.2-0 (microG Services Core 0.2.24.214816)

When I run YASNAC, the basic integrity passes but I am told that the CTS profile does not match.

Any idea how I could fix that? Thank you :)

Try installing MagiskHideProps and Universal SafetyNet Fix. I pass everything in YASNAC with them. Also I'd recommend using Lineage for microG instead of installing it via Magisk.

[Atemu]

To be more precise, you need to use MagiskHideProps to get a google-blessed device fingerprint. You won't pass CTS with a custom rom fingerprint.

In my case, I USF didn't actually do anything; I only needed to change my fingerprint.

[IngwiePhoenix]

So I am a little stuck...

• Device: Razer Phone 2
• OS: Lineage OS 18.1, no GAPPS

• Magisk: 24.3

  • LSPosed: 1.8.0

  • FakeGApps: 3.0 via fork by whew-inc

  • USNF: 2.2.1

  • microG Installer Revived: 2.6.2-0 (microG Services Core 0.2.24.214816)

When I run YASNAC, the basic integrity passes but I am told that the CTS profile does not match. Any idea how I could fix that? Thank you :)

Try installing MagiskHideProps and Universal SafetyNet Fix. I pass everything in YASNAC with them. Also I'd recommend using Lineage for microG instead of installing it via Magisk.

That worked! Thanks for the hint, everything is passing now as it should.

[ghost]

Some points to consider:

1. Your ROM should support signature spoofing. If not, you need to use LSPosed module with FakeGApps
2. If your ROM is not safetynet patched, then you can flash kdrag0n's safetynet fix magisk module. If it's already patched, then you don't need it.
3. Your ROM should spoof any official supported device fingerprint like Pixel 5, 4 XL, or any Redmi's fingerprint. If it did not, then you can try PixelProps module (redfin is recommended)
4. If you don't intend to root your system at all, then the ROM you flash must satisfy the above three points out of the box. And you have to patch the vanilla version of that ROM with MinMicrog with any custom recovery, which'll work even without magisk.

Some other points which are false:

1. No. Flashing magisk modules won't break your CTS.
2. No. YASNAC or any other safetynet apps usually not needed or required. Microg now has it's own safetynet checker.
3. No. MagiskHide is deprecated now. Update your magisk & enable Zygisk Denylist. Then add your apps into it that insist not to work due to root issues.

[alfredonodo]

Hi, I have a samsung s8+ with lineage os 19.1 (without gapps), microg (0.2.24), magisk (2.51), universal satefyNet Fix (2.3.1) and magiskHidePropsConfig (6.1.2). Unfortunately, I cannot pass the safetyNet test because the CTS profile does not match. What can I do? Thanks

[ghost]

@alfredonodo

microg (0.2.24)

How did you install microg ? On a fresh install, try minMicrog. Or microg_revived (magisk only)

magiskHidePropsConfig (6.1.2)

is outdated. Dev dropped it & you have to use something like Pixel Props.

[alfredonodo]

@alfredonodo

microg (0.2.24)

How did you install microg ? On a fresh install, try minMicrog. Or microg_revived (magisk only)

magiskHidePropsConfig (6.1.2)

is outdated. Dev dropped it & you have to use something like Pixel Props.

I installed microg via apk download from the official site. OK I will use Pixel Props.

[ghost]

I installed microg via apk download from the official site

You need to systemize it. Microg have issues on userspace side. Or better flash any of the 2 bundles I suggested above.

[alfredonodo]

I installed microg via apk download from the official site

You need to systemize it. Microg have issues on userspace side. Or better flash any of the 2 bundles I suggested above.

How can I systemize microg? Pixel Props does not support S8+.

Edit: I solved, thank you. I installed microG, magisk, universal satefyNet Fix and microG Installer.